The digital body: Rethinking privacy and security in wearable health trackers

Over the past decade, wearable activity trackers have become deeply embedded in daily life, providing individuals with real-time insights into physical activity, sleep patterns, heart rate, stress levels and more.

While these devices offer potential benefits in supporting wellness and preventative health, they also pose significant risks to privacy and security. As personal health information and devices shift from clinical settings to commercial platforms, the limits of current legal and policy frameworks are becoming increasingly apparent.

Data collection

Wearable activity trackers collect sensitive and granular personal information through continuous sensor monitoring. This includes accelerometer and gyroscope sensors, heart rate, GPS and biometric inputs.

When combined with machine learning and big data analytics, these datasets can be used to infer deeply private information like mood, stress levels and behavioral patterns — well beyond what users knowingly disclose.

These inferences raise serious surveillance, discrimination and profiling concerns, especially when data flows across platforms and third-party applications without clear or transparent processes.

The illusion of anonymization

Despite claims of anonymization, sensor data often contains unique and persistent fingerprints that make true anonymization difficult, if not impossible. The promise of anonymization can therefore offer a false sense of privacy.

Studies have demonstrated that deidentified activity and location data can be reidentified with high accuracy; this discovery raises concerns about the risk of reidentification and highlights the issue of anonymized information falling outside the scope of regulation.

Consent and the design problem